CWmike writes “Citing data from Devil Mountain Software’s community-based Exo.performance.network (XPnet), Craig Barth, the company’s chief technology officer, said that new metrics reveal an unsettling trend. On average, 86% of Windows 7 machines in the XPnet pool are regularly consuming 90%-95% of their available RAM, resulting in slow-downs as the systems were forced to increasingly turn to disk-based virtual memory to handle tasks. The 86% mark for Windows 7 is more than twice the average number of Windows XP machines that run at the memory ’saturation’ point, and this comes despite more RAM being available on most Windows 7 machines. ‘This is alarming,’ Barth said of Windows 7 machines’ resource consumption. ‘For the OS to be pushing the hardware limits this quickly is amazing. Windows 7 is not the lean, mean version of Vista that you may think it is.’”
Read more of this story at Slashdot.
Link to the original site
L3sPau1 writes “A rootkit infection may be the cause of a Windows Blue Screen of Death issue experienced by Windows XP users who applied the latest round of Microsoft patches. It appears that the affected Windows PCs had the rootkit infection prior to deploying the Microsoft patches. Researcher Patrick W. Barnes, investigating the issue, has isolated the infection to the Windows atapi.sys file, a driver used by Windows to connect hard drives and other components. Barnes identified the infection as the Tdss-rootkit, which surfaced last November and has been spreading quickly, creating zombie machines for botnet activity.”
Read more of this story at Slashdot.
Link to the original site
CWmike writes “Tuesday’s security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death, users have reported on the company’s support forum. Complaints began early yesterday, and gained momentum throughout the day. ‘I updated 11 Windows XP updates today and restarted my PC like it asked me to,’ said a user identified as ‘tansenroy’ who kicked off a growing support thread: ‘From then on, Windows cannot restart again! It is stopping at the blue screen with the following message: ‘A problem has been detected and Windows has been shutdown to prevent damage to your computer.’ Others joined in with similar reports. Several users posted solutions, but the one laid out by ‘maxyimus’ was marked by a Microsoft support engineer as the way out of the perpetual blue screens.”
Read more of this story at Slashdot.
Link to the original site
An anonymous reader writes “Way back in 1974, Dave Dennis, then aged 13, decided to try out the -ext- TUTOR command on the PLATO system at the University of Illinois, and see if he could cause all the terminals of other users to go offline. It worked. And he never got caught. Of course, the powers that be eventually caught on and fixed the -ext- command so terminals by default didn’t automatically receive -ext-’s sent from other locations.”
Read more of this story at Slashdot.
Link to the original site
Theovon writes “We’ve seen a few stories recently about the new Western Digital Green drives. According to WD, their new 4096-byte sector drives are problematic for Windows XP users but not Linux or most other OSes. Linux users should not be complacent about this, because not all the Linux tools like fdisk have caught up. The result is a reduction in write throughput by a factor of 3.3 across the board (a 230% overhead) when 4096-byte clusters are misaligned to 4096-byte physical sectors by one or more 512-byte logical sectors. The author does some benchmarks to demonstrate this. Also, from the comments on the article, it appears that even parted is not ready, since by default it aligns to ‘cylinder’ boundaries, which are not physical cylinder boundaries and are multiples of 63.”
Read more of this story at Slashdot.
Link to the original site
Lançado ontem, versão beta, um dos produtos de segurança mais interessantes que a Microsoft prometeu: um sistema centralizado para gestão de parametrizações de segurança, que permitirá gerir, de uma forma simples e eficiente, as políticas definidas para um conjunto diversificado de máquinas e aplicações.
As funcionalidades principais, segundo a Microsoft, são as seguintes:
- Gestão centralizada e portfolio de baselines de segurança. A consola para gestão centralizada do Security Compliance Manager fornece uma experiência de utilização unificada, completa, para planear, personalizar e exportar baselines de segurança. A ferramenta permite o acesso total ao portfolio de baselines recomendadas para sistemas operativos Windows, nas vertentes de estação e servidor, e para aplicações Microsoft;
- Personalização de baselines de segurança. A personalização, integração, e revisão das baselines torna-se mais fácil. Agora podemos usar as novas capacidades de personalização do Security Compliance Manager para, por exemplo, duplicar qualquer uma das baselines recomendadas pela Microsoft e, rapidamente, modificar parâmetros de segurança para ir ao encontro dos standards de cada organização;
- Comparação e exportação de baselines de segurança. O Security Compliance Manager permite a adopção rápida das versões mais recentes dos produtos Microsoft. A comparação lado-a-lado das características das baselines permite identificar quaisquer alterações em configurações, e integrar facilmente baselines dentro de uma família de produtos. Permite também exportar e distribuir baselines num formato preferido, incluindo, pacotes Desired Configuration Management (DCM), Security Content Automation Protocol (SCAP), XLS, e Group Policy Objects (GPOs);
- Monitorização e verificação da conformidade das baselines de segurança. O produto permite automatizar o processo de verificação da conformidade, através das funcionalidades de controlo de versões e actualizações. O planeamento, personalização, e exportação através do Security Compliance Manager podem suportar-se nas tecnologias de monitorização e verificação, para automatizar a distribuição de políticas, e produzir relatórios de conformidade.
Esta solução (ou, na nomenclatura Microsoft, este Solution Accelerator) inclui baselines para:
- Sistemas operativos para estações de trabalho: Windows® 7, Windows Vista® SP2, Windows XP® SP3, e BitLockerTM Drive Encryption;
- Sistemas operativos para servidores: Windows Server® 2008 SP2, Windows Server® 2003 SP2;
- Aplicações: 2007 Microsoft® Office SP2, Windows Internet Explorer® 8.
O programa de revisão beta irá decorrer até ao início de Março de 2010. O lançamento da versão final está previsto para Abril/Maio de 2010.
Quem estiver saturado de fazer folhas de cálculo para gerir as baselines1
e quiser participar no programa de revisão beta, para experimentar e influenciar o desenvolvimento da versão final, pode juntar-se à equipa: a Microsoft convida e promove a participação. Por aqui: connect.microsoft.com/….
1 Very private joke… : )
Link to the original site
Julie188 writes with this snippet from Network World “Office 2010 is still in beta and a patch is already out. Microsoft is trying to fix a bug in the email program Outlook 2010 Beta that creates unusually large e-mail files that take up too much space. The Outlook product team has offered a bug fix for both 32-bit and 64-bit systems that fixes the problem going forward, although previous emails will remain super-sized. This could be a problem for email programs that limit message sizes, such as Gmail or BlackBerry.”
Read more of this story at Slashdot.
Link to the original site
Na Tek:
Os esforços realizados pelas empresas para acautelar a segurança dos seus sistemas de informação parecem não estar a produzir resultados suficientemente eficazes. De acordo com informação divulgada num relatório da Symantec, no ano passado três em cada quatro empresas foram vítimas de ciberataques, em maior ou menor escala. Vinte e nove por cento das empresas admitem mesmo que o número de ataques de que foi vítima em 2009 aumentou (…) A Symantec aponta a escassez de recursos especializados alocados à segurança, sobretudo a áreas como a segurança de rede, das mensagens e no utilizador final como potenciadores dos riscos a que as organizações estão sujeitas.
in Três em cada quatro empresas alvo de ciberataques em 2009
.
Que coisa tão estranha, não é? Até parece mentira… ; )
Link to the original site
coomaria writes “OK, even allowing for the fact this comes from a newly published study (PDF) from a security company, that’s still one heck of a statistic. The fact that it’s Symantec, and so has access to perhaps more enterprises than most, makes it a double-heck with knobs on. Or how about this one for size: ‘every enterprise, yes, 100 percent, experienced cyber losses in 2009.’”
Read more of this story at Slashdot.
Link to the original site
jargon82 writes “A Pennsylvania high school is using laptops they issued to students to spy on them in homes and outside of school. According to a class action filling the webcams and microphones in these laptops could be remotely activated by school officials, and have been used in this role. One student was accused of ‘improper behavior in his home’ and the school provided a photo taken via his laptop as proof.”
Read more of this story at Slashdot.
Link to the original site